aboutsummaryrefslogtreecommitdiffstatshomepage
path: root/OpenSim/Region/CoreModules
diff options
context:
space:
mode:
authorJohn Hurliman2010-03-19 15:17:15 -0700
committerJohn Hurliman2010-03-19 15:17:15 -0700
commit5e65bef80565e754e3f6c6d20e7d57d702174034 (patch)
tree7ee0765c8e2dcc3f7f2bbdf5a7f43550c289950c /OpenSim/Region/CoreModules
parentRenamed TryGetAvatar to TryGetScenePresence on SceneManager, SceneBase, Scene... (diff)
parentFlesh out the new permission method (diff)
downloadopensim-SC_OLD-5e65bef80565e754e3f6c6d20e7d57d702174034.zip
opensim-SC_OLD-5e65bef80565e754e3f6c6d20e7d57d702174034.tar.gz
opensim-SC_OLD-5e65bef80565e754e3f6c6d20e7d57d702174034.tar.bz2
opensim-SC_OLD-5e65bef80565e754e3f6c6d20e7d57d702174034.tar.xz
Merge branch 'master' of ssh://opensimulator.org/var/git/opensim
Diffstat (limited to 'OpenSim/Region/CoreModules')
-rw-r--r--OpenSim/Region/CoreModules/World/Land/LandObject.cs2
-rw-r--r--OpenSim/Region/CoreModules/World/Permissions/PermissionsModule.cs162
2 files changed, 98 insertions, 66 deletions
diff --git a/OpenSim/Region/CoreModules/World/Land/LandObject.cs b/OpenSim/Region/CoreModules/World/Land/LandObject.cs
index b2d9b66..aca5514 100644
--- a/OpenSim/Region/CoreModules/World/Land/LandObject.cs
+++ b/OpenSim/Region/CoreModules/World/Land/LandObject.cs
@@ -894,7 +894,7 @@ namespace OpenSim.Region.CoreModules.World.Land
894 894
895 foreach (List<SceneObjectGroup> ol in returns.Values) 895 foreach (List<SceneObjectGroup> ol in returns.Values)
896 { 896 {
897 if (m_scene.Permissions.CanUseObjectReturn(this, type, remote_client, ol)) 897 if (m_scene.Permissions.CanReturnObjects(this, remote_client.AgentId, ol))
898 m_scene.returnObjects(ol.ToArray(), remote_client.AgentId); 898 m_scene.returnObjects(ol.ToArray(), remote_client.AgentId);
899 } 899 }
900 } 900 }
diff --git a/OpenSim/Region/CoreModules/World/Permissions/PermissionsModule.cs b/OpenSim/Region/CoreModules/World/Permissions/PermissionsModule.cs
index 5c7f3b7..4dbdb01 100644
--- a/OpenSim/Region/CoreModules/World/Permissions/PermissionsModule.cs
+++ b/OpenSim/Region/CoreModules/World/Permissions/PermissionsModule.cs
@@ -217,7 +217,7 @@ namespace OpenSim.Region.CoreModules.World.Permissions
217 m_scene.Permissions.OnIssueEstateCommand += CanIssueEstateCommand; //FULLY IMPLEMENTED 217 m_scene.Permissions.OnIssueEstateCommand += CanIssueEstateCommand; //FULLY IMPLEMENTED
218 m_scene.Permissions.OnMoveObject += CanMoveObject; //MAYBE FULLY IMPLEMENTED 218 m_scene.Permissions.OnMoveObject += CanMoveObject; //MAYBE FULLY IMPLEMENTED
219 m_scene.Permissions.OnObjectEntry += CanObjectEntry; 219 m_scene.Permissions.OnObjectEntry += CanObjectEntry;
220 m_scene.Permissions.OnReturnObject += CanReturnObject; //NOT YET IMPLEMENTED 220 m_scene.Permissions.OnReturnObjects += CanReturnObjects; //NOT YET IMPLEMENTED
221 m_scene.Permissions.OnRezObject += CanRezObject; //MAYBE FULLY IMPLEMENTED 221 m_scene.Permissions.OnRezObject += CanRezObject; //MAYBE FULLY IMPLEMENTED
222 m_scene.Permissions.OnRunConsoleCommand += CanRunConsoleCommand; 222 m_scene.Permissions.OnRunConsoleCommand += CanRunConsoleCommand;
223 m_scene.Permissions.OnRunScript += CanRunScript; //NOT YET IMPLEMENTED 223 m_scene.Permissions.OnRunScript += CanRunScript; //NOT YET IMPLEMENTED
@@ -247,7 +247,6 @@ namespace OpenSim.Region.CoreModules.World.Permissions
247 m_scene.Permissions.OnDeleteUserInventory += CanDeleteUserInventory; //NOT YET IMPLEMENTED 247 m_scene.Permissions.OnDeleteUserInventory += CanDeleteUserInventory; //NOT YET IMPLEMENTED
248 248
249 m_scene.Permissions.OnTeleport += CanTeleport; //NOT YET IMPLEMENTED 249 m_scene.Permissions.OnTeleport += CanTeleport; //NOT YET IMPLEMENTED
250 m_scene.Permissions.OnUseObjectReturn += CanUseObjectReturn; //NOT YET IMPLEMENTED
251 250
252 m_scene.AddCommand(this, "bypass permissions", 251 m_scene.AddCommand(this, "bypass permissions",
253 "bypass permissions <true / false>", 252 "bypass permissions <true / false>",
@@ -1275,12 +1274,106 @@ namespace OpenSim.Region.CoreModules.World.Permissions
1275 return false; 1274 return false;
1276 } 1275 }
1277 1276
1278 private bool CanReturnObject(UUID objectID, UUID returnerID, Scene scene) 1277 private bool CanReturnObjects(ILandObject land, UUID user, List<SceneObjectGroup> objects, Scene scene)
1279 { 1278 {
1280 DebugPermissionInformation(MethodInfo.GetCurrentMethod().Name); 1279 DebugPermissionInformation(MethodInfo.GetCurrentMethod().Name);
1281 if (m_bypassPermissions) return m_bypassPermissionsValue; 1280 if (m_bypassPermissions) return m_bypassPermissionsValue;
1282 1281
1283 return GenericObjectPermission(returnerID, objectID, false); 1282 GroupPowers powers;
1283 ILandObject l;
1284
1285 ScenePresence sp = scene.GetScenePresence(user);
1286 if (sp == null)
1287 return false;
1288
1289 IClientAPI client = sp.ControllingClient;
1290
1291 foreach (SceneObjectGroup g in new List<SceneObjectGroup>(objects))
1292 {
1293 // Any user can return their own objects at any time
1294 //
1295 if (GenericObjectPermission(user, g.UUID, false))
1296 continue;
1297
1298 // This is a short cut for efficiency. If land is non-null,
1299 // then all objects are on that parcel and we can save
1300 // ourselves the checking for each prim. Much faster.
1301 //
1302 if (land != null)
1303 {
1304 l = land;
1305 }
1306 else
1307 {
1308 Vector3 pos = g.AbsolutePosition;
1309
1310 l = scene.LandChannel.GetLandObject(pos.X, pos.Y);
1311 }
1312
1313 // If it's not over any land, then we can't do a thing
1314 if (l == null)
1315 {
1316 objects.Remove(g);
1317 continue;
1318 }
1319
1320 // If we own the land outright, then allow
1321 //
1322 if (l.LandData.OwnerID == user)
1323 continue;
1324
1325 // Group voodoo
1326 //
1327 if (land.LandData.IsGroupOwned)
1328 {
1329 powers = (GroupPowers)client.GetGroupPowers(land.LandData.GroupID);
1330 // Not a group member, or no rights at all
1331 //
1332 if (powers == (GroupPowers)0)
1333 {
1334 objects.Remove(g);
1335 continue;
1336 }
1337
1338 // Group deeded object?
1339 //
1340 if (g.OwnerID == l.LandData.GroupID &&
1341 (powers & GroupPowers.ReturnGroupOwned) == (GroupPowers)0)
1342 {
1343 objects.Remove(g);
1344 continue;
1345 }
1346
1347 // Group set object?
1348 //
1349 if (g.GroupID == l.LandData.GroupID &&
1350 (powers & GroupPowers.ReturnGroupSet) == (GroupPowers)0)
1351 {
1352 objects.Remove(g);
1353 continue;
1354 }
1355
1356 if ((powers & GroupPowers.ReturnNonGroup) == (GroupPowers)0)
1357 {
1358 objects.Remove(g);
1359 continue;
1360 }
1361
1362 // So we can remove all objects from this group land.
1363 // Fine.
1364 //
1365 continue;
1366 }
1367
1368 // By default, we can't remove
1369 //
1370 objects.Remove(g);
1371 }
1372
1373 if (objects.Count == 0)
1374 return false;
1375
1376 return true;
1284 } 1377 }
1285 1378
1286 private bool CanRezObject(int objectCount, UUID owner, Vector3 objectPosition, Scene scene) 1379 private bool CanRezObject(int objectCount, UUID owner, Vector3 objectPosition, Scene scene)
@@ -1747,67 +1840,6 @@ namespace OpenSim.Region.CoreModules.World.Permissions
1747 return GenericObjectPermission(agentID, prim, false); 1840 return GenericObjectPermission(agentID, prim, false);
1748 } 1841 }
1749 1842
1750 private bool CanUseObjectReturn(ILandObject parcel, uint type, IClientAPI client, List<SceneObjectGroup> retlist, Scene scene)
1751 {
1752 DebugPermissionInformation(MethodInfo.GetCurrentMethod().Name);
1753 if (m_bypassPermissions) return m_bypassPermissionsValue;
1754
1755 long powers = 0;
1756 if (parcel.LandData.GroupID != UUID.Zero)
1757 client.GetGroupPowers(parcel.LandData.GroupID);
1758
1759 switch (type)
1760 {
1761 case (uint)ObjectReturnType.Owner:
1762 // Don't let group members return owner's objects, ever
1763 //
1764 if (parcel.LandData.IsGroupOwned)
1765 {
1766 if ((powers & (long)GroupPowers.ReturnGroupOwned) != 0)
1767 return true;
1768 }
1769 else
1770 {
1771 if (parcel.LandData.OwnerID != client.AgentId)
1772 return false;
1773 }
1774 return GenericParcelOwnerPermission(client.AgentId, parcel, (ulong)GroupPowers.ReturnGroupOwned);
1775 case (uint)ObjectReturnType.Group:
1776 if (parcel.LandData.OwnerID != client.AgentId)
1777 {
1778 // If permissionis granted through a group...
1779 //
1780 if ((powers & (long)GroupPowers.ReturnGroupSet) != 0)
1781 {
1782 foreach (SceneObjectGroup g in new List<SceneObjectGroup>(retlist))
1783 {
1784 // check for and remove group owned objects unless
1785 // the user also has permissions to return those
1786 //
1787 if (g.OwnerID == g.GroupID &&
1788 ((powers & (long)GroupPowers.ReturnGroupOwned) == 0))
1789 {
1790 retlist.Remove(g);
1791 }
1792 }
1793 // And allow the operation
1794 //
1795 return true;
1796 }
1797 }
1798 return GenericParcelOwnerPermission(client.AgentId, parcel, (ulong)GroupPowers.ReturnGroupSet);
1799 case (uint)ObjectReturnType.Other:
1800 if ((powers & (long)GroupPowers.ReturnNonGroup) != 0)
1801 return true;
1802 return GenericParcelOwnerPermission(client.AgentId, parcel, (ulong)GroupPowers.ReturnNonGroup);
1803 case (uint)ObjectReturnType.List:
1804 break;
1805 }
1806
1807 return GenericParcelOwnerPermission(client.AgentId, parcel, 0);
1808 // Is it correct to be less restrictive for lists of objects to be returned?
1809 }
1810
1811 private bool CanCompileScript(UUID ownerUUID, int scriptType, Scene scene) { 1843 private bool CanCompileScript(UUID ownerUUID, int scriptType, Scene scene) {
1812 //m_log.DebugFormat("check if {0} is allowed to compile {1}", ownerUUID, scriptType); 1844 //m_log.DebugFormat("check if {0} is allowed to compile {1}", ownerUUID, scriptType);
1813 switch (scriptType) { 1845 switch (scriptType) {